Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Next, go to: http://download.ewido.net/ewido-setup.exe" Install Ewido Security Suite
" When installing, under "Additional Options" uncheck..
o Install background guard
o Install scan via context menu
" Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
" On the left hand side of the main screen click update.
" Then click on Start Update.
The update will start and a progress bar will show the updates being installed.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes.
There should not be any opened browsers when you are carrying out the procedures below.
You will want to copy out these instructions and save them to notepad as you will not have internet connection during the fix.
Save the notepad to your desktop where you can find it.

Click on Start>>>Run and type into the box: services.msc click OKIn the page that opens, scroll down and find:
Windows Configuration LoaderRight click on file, and choose PropertiesClick Stop under Service status
From the dropdown menu under the heading Startup Type, choose DisableClick Apply and click OK

Remaining in the Services page, do the same steps with this one:
Hardware Clock DriverWhen finished, close the Services page.

Start up your computer, after the first 'beep' begin tapping on the F8 key. A black menu page will appear.
Use your arrow keys to choose Safe Mode (without networking!)Click on the Enter key.
Your desktop will appear, although it will be very distorted. The words Safe Mode will be in each corner of the desktop.

We need to open up hidden files and folders. Click Start>>>>Control Panel>>>>Folder Options and double click.
Under the View tab scroll down to Hidden Files and Folders
Check Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended} Answer YesClick Apply and click OK

While still in Control Panel, double click on Add/Remove Programs.
Look for and uninstall: IST bar/ISTsvcYou will be prompted to reboot, choose NO

To make scanning easier and quicker, let's get rid of some temp files.
Click Start>>>>Run and type in the box: cleanmgr.exe click OKLet the application scan your computer, then make sure these 3 are checkmarked:
Temporary FilesTemporary Internet FilesRecycle Binclick OK and when finished, close the application.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
Click Scanner Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
"Perform action on all infections" Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop.

Now open the smitRem folder, double-click on the the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Please post that log along with all others requested in your next reply.

Open HJT and scan. Place a check/tick next to these items (if present):
[b][color=red]R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Â¢â€°Â¸u0-4C }Ã¯Ã

You also need to find and delete every instance of these files:
atidrvxx.exe cstr.exe winupdatexx.exe MSNSRV32.exe MSNGRx.exe Sygate32.exe msnsgn.exe rtsal.exe ZoneX.exe svmhost.exe winasp.exe You will need to find them via Start>>>Search>>>Files/Foldersclick on All files and foldersChoose the Hard Drive ( C: ) and enter each name into the box for file name. This is best done in Safe Mode, so you will need to copy the list and save to notepad on your desktop so you can find it.

i got the downloads but on one of the furthur steps you tell me to go to windows configuration loader, i do so and it pops up , then disappears straight away!! (it also does that with windows device manager)
and i cant get any furthur than that step as it wont let me get into windows configuration loader.

I wrote for you to disable the Windows Configuration Service by going to Start then Run, and typing in services.msc.

Is it the Services page that won't stay open for you? If so, go on with the next bunch of steps. You will be offline for all that I listed, until you have run the tools, deleted the files and folders, so the Services "Stop/Disable" steps could be done after you have done the cleaning with the tools I had you download, and deleted the programs and files.

While you are in safe mode, you can try to go to the Services and stop those.

Max, I know this has you frustrated and concerned!

Just copy out the instructions and do the steps (leaving the services part until you are in safe mode.}

Work carefully so you don't delete the wrong items. I would strongly urge you to not use your computer for going online, until you have finished the steps I outlined for you.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.